[Gloucs] Snort!
Jill Tovey
gloucs at mailman.lug.org.uk
Mon Apr 7 13:30:00 2003
yes okay, I have now realised that I do not type -k and --insecure
together
it's been a long day
;-)
On Fri, 2003-04-04 at 15:53, Jill Tovey wrote:
For some reason my email messages always get caught by the spam
filter, only to arrive a few days out of sync with everyone else, so
apologies if my messages are appearing not to make sense!
anyway,
after fiddling about with curl, I have now moved on to this error:
curl: (35) SSL: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
According to the curl help file,
If I type
curl -k/--insecure it will "Allow curl to connect to SSL sites
without certs (H)"
Which would seem to be what I want!
However, on typing that it just says
curl: option -k/--insecure is unknown
I am currently looking for good guides to create my own certificate.
On Fri, 2003-04-04 at 11:46, Gareth Bromley wrote:
On 1 Apr 2003, Jill Tovey wrote:
> I am at the stage where I am adding the sensor agent, the
> information I am typing in is as follows:
> enable sensor - ticked yes
> sensor name - snort
> sensor ip - 192.168.0.2
> sensor port - 2525
> username - admin
> password - ******
> Sensor Agent Type - snort centre agent v1 (ssl enabled)
> Interface name to sniff - eth0
> Snort command line - -U -o
OK, what version of Snort are you running, what addons and what Linux
platform.
> Now, when I go to view sensor it says this:
> snort ->eth0 Can't Connect to 192.168.0.2:2525 Retry Connecting
What package is this in?
> Sensor Message sh: line 1: curl: command not found
Looks like a PATH setting problem or lack of curl on your platform.
> I have tried a few variations on the sensor - such as using jt.mandrake
> (my hostname), 127.0.0.1, etc. I have also put an extra ethernet card in
> and tried using that but it shouldn't and didn't make a difference.
How many network cards do you have in your Snort sensor?
Using only 1 leaves it open to direct network attack, and you should use a
separate promisc card unaddressed to sniff the network.
> Now, when I go to https://localhost:2525/
> I find this error:
> Current config file error:
> sh: line 1: /usr/sbinsnort: No such file or directory
Again what tool are you using?
Cheers
Gareth
_______________________________________________
gloucs mailing list
gloucs@mailman.lug.org.uk
http://mailman.lug.org.uk/mailman/listinfo/gloucs
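
The "certificate verify failed" error in this thread can be resolved without -k by giving the agent a self-signed certificate that names the address clients dial, then pointing curl at that certificate. This is an added example, not part of the original messages: 192.168.0.2 and port 2525 are taken from the thread, the file names are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Address 192.168.0.2 is the sensor IP
# quoted above; agent.key / agent.crt are hypothetical file names.
# Requires OpenSSL 1.1.1 or later (for -addext).

make_sensor_cert() {
    # $1 = output directory, $2 = IP address clients will connect to
    local dir="$1" ip="$2"
    mkdir -p "$dir" || return 1
    # The subjectAltName must carry the exact address the client dials;
    # a certificate for 192.168.0.2 will not verify for 127.0.0.1.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/agent.key" -out "$dir/agent.crt" \
        -subj "/CN=sensor-agent" \
        -addext "subjectAltName=IP:$ip" 2>/dev/null || return 1
    chmod 600 "$dir/agent.key"
}

cert_matches_ip() {
    # $1 = certificate, $2 = IP. True only if the SAN covers that address.
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'
}

cert_is_trusted_by() {
    # $1 = certificate, $2 = trust file. Chain verification against a chosen
    # trust file, as with curl --cacert.
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Client side, with the certificate copied over an authenticated channel:
#   curl --cacert agent.crt https://192.168.0.2:2525/
# This keeps verification on, unlike -k / --insecure.

if [ "$#" -eq 2 ]; then
    make_sensor_cert "$1" "$2" &&
    cert_matches_ip "$1/agent.crt" "$2" &&
    cert_is_trusted_by "$1/agent.crt" "$1/agent.crt" &&
    echo "certificate in $1 verifies for $2"
fi
```

Run as a script with an output directory and the sensor address as its two arguments to generate and check the pair.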